New Apple QuickTime Update Patches 12 Vulnerabilities

Apple pushed out version 7.7.4 of its multimedia framework QuickTime for Windows users on Wednesday, addressing a handful of issues, some of which could have led to arbitrary code execution and caused the program to unexpectedly terminate. It’s Apple’s first QuickTime update of the year and the first for Windows users since last November.

A dozen vulnerabilities were fixed – 11 of the 12 were reported by security researchers in tandem with HP’s Zero Day Initiative.

The bulk of the vulnerabilities stemmed from how the framework handled playback of maliciously crafted movie and MP3 files. In some cases, the vulnerabilities could be exploited if someone were to open malicious QTIF files, JPEG files, FPX files or MVHD atoms – the containers QuickTime uses for movie data.

Apple improved bounds checking – the method of detecting whether a variable is within some bounds before its use – to address memory corruption issues and buffer overflows in QuickTime.
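To illustrate the kind of bounds check described above, here is an added example (not Apple's code and not a reconstruction of any of the patched bugs) that walks QuickTime-style atoms, each starting with a 4-byte big-endian size and a 4-byte type, and refuses any atom whose declared size is inconsistent with the data actually present. The function name `find_atom`, its return codes and the flat sample buffers are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed samples: an 8-byte "free" atom, then an "mvhd" atom. */
static const uint8_t GOOD[] = {0,0,0,8,'f','r','e','e',
                               0,0,0,12,'m','v','h','d', 1,2,3,4};
/* Same layout, but the mvhd size field claims 0x100 bytes; only 12 exist. */
static const uint8_t BAD[]  = {0,0,0,8,'f','r','e','e',
                               0,0,1,0,'m','v','h','d', 1,2,3,4};

/* Read a 32-bit big-endian value; caller guarantees 4 readable bytes. */
static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Locate the first atom of `type` in buf[0..len) (hypothetical helper).
 * Returns 0 and sets *payload / *plen, -1 if absent, -2 if malformed. */
int find_atom(const uint8_t *buf, size_t len, const char *type,
              const uint8_t **payload, size_t *plen) {
    size_t off = 0;
    while (off < len) {
        size_t remaining = len - off;
        if (remaining < 8)
            return -2;                     /* truncated atom header */
        uint32_t size = be32(buf + off);   /* counts header + payload */
        /* The bounds check: the declared size must cover the 8-byte header
         * and must not extend past the bytes actually present. The special
         * sizes 0 and 1 are rejected here for simplicity. */
        if (size < 8 || size > remaining)
            return -2;
        if (memcmp(buf + off + 4, type, 4) == 0) {
            *payload = buf + off + 8;
            *plen = size - 8;
            return 0;
        }
        off += size;                       /* stays <= len: size <= remaining */
    }
    return -1;
}

int main(void) {
    const uint8_t *p; size_t n;
    printf("good: %d\n", find_atom(GOOD, sizeof GOOD, "mvhd", &p, &n));
    printf("bad:  %d\n", find_atom(BAD, sizeof BAD, "mvhd", &p, &n));
    return 0;
}
```

Without the `size > remaining` test, a parser that trusts the size field would read or copy past the end of the buffer, which is the class of memory corruption that bounds checking prevents.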

According to Apple’s mailing lists, which have an in-depth rundown of all the patches, the vulnerabilities affect versions of QuickTime on Windows 7, Vista, XP SP 2 and later.

The update, which can be found in the Downloads section of Apple’s site, is recommended for anyone still running QuickTime 7 on Windows machines.

About Chris Brook
